Hey, On Tue, Jun 20, 2017 at 07:42:27AM +0200, Jan Kurik wrote: > = System Wide Change: Kerberos KCM credential cache by default = > https://fedoraproject.org/wiki/Changes/KerberosKCMCache > > Change owner(s): > * Jakub Hrozek <jhrozek AT redhat DOT com> > > Default to a new Kerberos credential cache type called KCM which is > better suited for containerized environments and provides a better > user experience in the general case as well. > > [...] > > == Scope == > * Proposal owners: > SSSD developers will implement a KCM server. The deamon along with a > krb5.conf snippet will be packaged in a subpackage called `sssd-krb5`. > The interested variants of Fedora that would wish to opt in would add > the `sssd-krb5` subpackage to their compose. > > * Other developers: > None required Based on my past conversations with the Identity Management folks, I think we want this in Workstation. So we also need to support KCM caches in gnome-online-accounts for the GNOME integration. The upstream bug is https://bugzilla.gnome.org/show_bug.cgi?id=779140 Maybe we should also track it in Fedora? (One problem with the existing KEYRING caches is the lack of a notification API. The Kerberos integration in GNOME through gnome-online-accounts ends up having to poll the kernel's keyring every few seconds to find out about the state of credentials. In contrast, KCM is supposed to use D-Bus signals for notification, and in the past one could use inotify watches with FILE and DIR caches.) Cheers, Rishi _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
